Business logic data validation[New!] NOTE MAT: to discuss this section
Ability to forge requests[New!]
Lack of integrity checks (e.g. overwriting updates) [New!]
Lack of tamper evidence[New!]
Use of untrusted time source[New!]
Lack of limits to excessive rate (speed) of use[New!]
Lack of limits to size of request[New!]
Lack of limit to number of times a function can be used[New!]
Bypass of correct sequence[New!]
Missing user-viewable log of actvity[New!]
Self-hosted payment cardholder data processing[New!]
Lack of security incident reporting information[New!]
Defenses against application mis-use[New!]